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(54) Digital copyright management system using electronic watermark 

(57) A system for managing a digital content partic- 
ularly a digital content to wfiich a copyright is claimed, 
and a system for supplying a put)lic-key whrch is used in 
the management of the digital content are provided. The 
digital content management program Is emt^edded to an 
operating system of a user apparatus as a micro-kernel, 
a watch program or a watch command which is linked to 
the digital content management program is transmitted 
to the user apparatus l>y using a network or data broad- 
casting, and tiiereby. the illegitimate usage of the digital 
content is v^tched. A visible watermark is added to the 
digital content when illegitimately utilized, to restrain 
later usaga Even in regular usage, the route of copying 
or transfemng the digital content can also be ascer- 
tained by adding an Invisible watermark. Further, a puth 
lie-key Is put in a public-key (fistributk>n screen to be 
distritxjted by ttie network or broadcasting. Image data 
to which information on owner of the pul)lic-key or on 
the user is added as an invisible electronic watermarK 
is entered to the public-key distribution screen, so that 
the authenticity of the publk;-key and the user is 
checked by the electronic watermark. 
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Description 

BACKGROUND OF THE INVENTION 

Field of the Invention 

The present invention relates to a system for man- 
aging digital content, specifically fa managing a copy- 
right of digital content claiming the copyright and for 
securing seaecy of digital content. 

Background Art 

In information- oriented society of today, a database 
system has been spread in which various data values 
having been stored independently in each computer so 
far are mutually used by connecting computers by com- 
munication lines. 

The irrformation having been handled by the data- 
k>ase system so far is classical type coded information 
which can be processed by a computer and has a small 
amount of information or monochrome binary data like 
facsimile data at most. Therefore, the prior art database 
system has not been able to handle data with an 
extremely large amount of information such as a natural 
picture and a motion picture. 

However, while the digital processing technique for 
various electric signals develops, development of the 
digital processing art has shown progress for a picture 
signal other than binary data having been handled only 
as an anak)g signal. 

By digitizing the above picture signal, a picture sig- 
nal such as a television signal can be handled by a com- 
puter. Therefore, a "multimedia system" for handling 
vartous data handled by a computer and picture data 
obtained by digitizing a picture signal at the same tme 
is noticed as a future technique. 

Because hitherto widely-spread analog content is 
deteriorated in quality whenever storing, copying, edit- 
ing, or transferring it. copyright issues associated with 
the above operatk)ns have not been a large problem. 
However, because the digital content is not deteriorated 
in quality after repeatedly storing, copying, editing, or 
transferring it. the control of copyrights associated with 
the above operations is a large problem. 

Because there is not hitherto any exact method for 
handling a copyright for the digital content, the copyright 
is handled by the copyright law or relevant contracts. 
Even in the copyright law, compensation money for a 
digital-type sound- or picture-recorder is only systema- 
tized. 

Use of a database includes not only referring to the 
contents of the database but also nonnally effectively 
using the database by storing, copying, or editing 
obtained digital content Moreover, it is possil>le to 
transfer edited digital content to another person via on- 
line by a commurtication line or via off-line by a prop^ 
recording medium. Furthermore, it is possit)le to trans- 



fer the edited digital content to the database to enter it 
as new digital content. 

In an existing database system, only character data 
is handled. In a ntuttimedia system, however, audio data 

5 and picture data which are originally analog content are 
digitized to a digital content and formed into a database 
in addition to the data such as characters which have 
been formed Into a database so far. 

Under the above situation, how to handle a copy- 

10 right of digital content formed into a database is a large 
problem. However, there has not been adequate copy- 
right management means for solving the problem so far, 
particularly copyright managenrerrt means completed 
for secondary utilization of the dgital content such as 

1$ copying, editing, or transferring of the digital content 

Although digital content refen^ed to as software vnth 
advertisement or as freeware is, generally, available 
free of charge, it is copyrighted and its use may be 
restricted by the copyright depending on the way of use. 

so In view of the above, the inventor of the present 
invention has made various proposals thus far in order 
to protect a copyright of the digital content In GB 
2269302 and U. S. Patent 5.504,933, the inventor has 
proposed a system for executing copyright manage- 

25 ment by obtaining a permit key from a key management 
center through a put>lic telephone line, and has also 
proposed an apparatus for that purpose in GB 2272822. 
Furthennore, in EP 677949 and in EP 704785, a system 
has been proposed for managing the copyright of the 

30 digital content 

bi these systems and apparatus, those who wish to 
view encrypted programs send a request to view a pro- 
gram using a comnuncation device to a management 
center via a comnrwnication line, and the management 

35 center transmits a permit key in response to the request 
for viewing, and charges and collects a fea 

Upon receipt of the permit key, those who vnsh to 
view the program send the permit key to a receiver 
either by an on- line or an off- line means and the 

40 receiver, which has received the permit key, decrypts 
the encrypted program according to the penrtit key. 

The system descrbed in EP 677949 uses a pro- 
gram and copyright information to manage a copyright 
in addition to a key for permitting usage in order to exe- 

45 cute the management of the copyright in displaying 
(including process to sound), storing, copying, editing, 
and transferring of the digital content in a database sys- 
tem, including the real time transnrtission of digital pic- 
ture content The cqjyright management program 

50 watches and mar^ges to prevent from using the digital 
content outside the conditions of the user's request or 
permission. 

Furthermore. EP 677949 discloses that the digital 
content is supplied from a database in an encrypted 
55 state, and is deaypted only when displayed and edited 
by the copyright management program, while the digital 
content is encrypted again wrhen stored, copied or 
transferred. EP 677949 also describes that the copy- 
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right management program itself Is encrypted and is 
decrypted by a penmit key, and that the decrypted copy- 
right management program performs decryption and 
encryption of the digital content and when usage other 
than storing and displaying of the digital content is exe- 5 
cuted, the copyright information including information 
atxHJt the one who has executed Is staed as a history, 
in adcfition to the original copyright information. 

In U. S. Patent Application No.08/549.270 and EP 
715241 relating to the present applicatioa there is pro- 10 
posed a deayption/re- encryption apparatus having 
configuration of a board, a PCMCIA card or an IC card 
for managing the copyright, and a system for depositing 
a crypt key. Also, a reference is made to apply the cop- 
yright managOTent method to a video conference sys- 15 
tem and an electronic commerce system. 

In EP 709760, a system has been proposed 
wherein the protection of an original digital content cop- 
yright and an edited digital content copyright in case of 
the edited digital content using a plurality of digital con- 20 
tents is carried out by confirming the valkiity of a usage 
request accorc£ng to a digital signature on an edit pro- 
gram by combining a secret- key cryptosystem and a 
put>llc-key cryptosystem. 

In EP 719045, various forms have been proposed 25 
fa applying the copyright management system to data- 
base and video-on^jemand (VOD) systems or elec- 
tronic commerce. 

In EP 746126. a system has been proposed, in 
which copyrights on an original digital content and a 30 
new digital content are protected by using a third oypt 
key and a copyright label in case of using and editing a 
plurality of digital contents. 

As can be understood from the digital content man- 
agement systems and the digital content management 35 
apparatus which have been proposed by the inventor of 
the present Invention described alxyve, the manage- 
ment of a digital content can be realized by performing 
encryption/decryption/re-encrypton and restricting the 
form of the usage by the copyright rranagement pro- 40 
gram The cryptography technology and the usage 
restriction thereof can be realized by using a computer. 

In a case where secret information is exchanged 
via a network, the information is encrypted for prevent- 
ing from piracy. 45 

Preventing from the information piracy when trar^ 
mitled is described in U.S. Patents Nos. 5,504,818 and 
5,515,441, and using a plurality of crypt keys in such a 
case is described in U.S. Patents Nos. 5.504,816, 
5,353.351, 5,475.757 and 5.381.480. Performing re- so 
encryption is described in U.S. Patent IVk).5,479.514. 

In order to use the computer effidenUy, an operat- 
ir^g system (OS) is used which, supervises the overall 
operation of the computer. The conventional operating 
system (OS) used on a personal conputer or the like is ss 
constituted of a kernel for handling basic services such 
as memory control, task contrpi, intenuption. and com- 
nujnication between processes and OS services for 



handling other services. 

However. Inprovement in the functions of the OS 
which supervises the overall operation of computers is 
now beng demanded where drcumstances change on 
the conrputer side, such as inproved capability of 
microprocessors, a decreased price of RAM (Random 
Access Memory) used as a main memory, as well as 
Improvement in the performance capablBty of comput- 
ers is required by users, as a consequence, the scale of 
an OS has become conrperatively larger than before. 

Since such an enlarged OS occupies a large space 
itself In the hard disk stored OS. the space for storing 
the application programs or data needed by the user is 
liable to t>e insuffident. with the result in which the 
usage convenience in the conrtputer becomes unfavora- 
ble. 

In order to cope with such a situation, in the latest 
OS, an environmental sub-system for performing enrui- 
lation of other OS and graphics displaying, and a core 
sub-system such as a security sub-system are rennoved 
from the kernel, as a sub-system that is a part that 
depends on the user. The basic parts such as a HAL 
(Hardware Abstraction l-ayer) for absorbing differences 
in hardware, a scheduling function, an interruption func- 
tion, and an I/O control function is a micro-kernel, and a 
system sendee API (Application Programming Inter- 
face) is interposed between the suthsystem and the 
micro-kernel, thereby constituting the OS. 

By doing so. extension of the OS by change or addi- 
tion of functions will be improved, and portability of the 
OS can be fadlrtated con-esponding to the applications. 
By a distributed arrangement for elements of the micro- 
kernel to a plurality of network conputers, the distrib- 
uted OS can also be realized without difficulty. 

Computers are used In computer peripheral units, 
various control units. arxJ communication devices in 
addition to the personal computers represented by the 
desktop type or notebook type computers. In such a 
case, as an OS unique for en^edding. applicable to 
each of the devices, a Real Time OS (RTOS) is adopted 
in which execution speed is enphasized, unlike a gen- 
eral-purpose personal computer OS. in which the man- 
machine Interface is enrtphasized. 

Naturally, the development cost for a respective OS 
unique to each device embedded will be high. There 
has recently been proposed, therefore, that a general- 
purpose OS for personal conputers as an RTOS for 
embedding Is used instead. By arranging a specked 
program for embedding in a sub-system comt)ined with 
the nucro-kemel. an RTOS for embedding can be 
obtained. 

As the major functions of an OS, there is a task con- 
trol, such as scheduling. Interruption processing, and 
the Gke. With respect to the task control, there are two 
kinds of OS's: a single-task type, in which only one task 
is executed at tiie same time, and a mufti-task type, in 
which a plurality of task processes are executed at the 
same time. The nuilti-task type Is further dassified into 
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two kinds; one multi-task type, in which changing of 
tasks depends on the task to be executed, and the other 
mufti-task type, in which the changing does not depend 
on the task to be executed. 

In the aforementioned types, the single-task type s 
assigns one process to a MRU (Miao Processor Unit) 
and the MPU is not released until the process comes to 
an end. and a non-preemptive multi-task type performs 
time-division for the MPU, and the MPU can be 
assigned to a plurality of processes. As long as the 10 
process which is being executed does not give control 
back to the OS, other processes are not executed. And 
a preemptive multi-task type intenupts the process 
which is being executed during a certain time interval 
and thereby forctoly mcve the control to another proc- is 
ess. Consequently, real time multi-task can be available 
only in the case of the preemptive type. 

The task control in a computer is performed accord- 
ing to processes being units having system resources 
such as a memory and a file Process control is per- 20 
formed according to a thread, being a unit in which MPU 
time is assigned, in which the process is minutely 
divided. Irrcidentaliy, in this case, the system resources 
are shared in all the threads in the same process. More 
than one threads, therefore, may exist which share the 2S 
system resources in one process. 

Each task which is processed by the multi-task type 
has a priority spectrum, which is generally divided into 
32 classes.- In such a case, a normal task without inter- 
ruption is classified into dynamic classes which are 30 
divkJed into 0 to 15 classes, while a task performing 
intenruptbn is classified into real-time classes divided 
into 16 to 31 classes. 

Intenxiption processing is carried out using inter- 
ruption enabling time (generally, 10 milGseconds) 3S 
referred to as a time slice, as one unit A nonnal inter- 
ruption is carried out during a time slice of 10 millisec- 
onds. In such a situation, a time slice has recently been 
proposed wherein the intenruption enabling time is set to 
1 00 microseconds. When such a real time slice is used, 40 
an interruptton can be carried out with greater priority 
than the conventional 10 milliseconds interruption. 

The enayption technique is the means to exclude 
illegitiniale use of the data content but perfect operation 
is not guaranteed. Thus, the possibility of iDegitimate 45 
use of the data content cannot be completely excluded. 

On the other hand, electronic watermark technique 
cannot exclude the posstoility of illegitimate use, but if 
illegitimate use is found, rt is possble to check the illegit- 
imate use by verifying the content of electronic water- so 
mark, and there are a number of methods in this 
technique. These methods are described in NB<kei Elec- 
tronics, No.683, 1997-2-24, pp.99- 124. "'Digital water- 
mark* to help stop to use illegal proprietary digital works 
in the multimedia age". Also, desaiption is given on this ss 
techreque by Walter Bender et al.. "Introducing data- 
hiding technology to support digital watermark for pro- 
tecting copyrights". IBM System Journal, vol. 35. Nos. 3 



& 4. International Business Machines Corporation. The 
electronic watermark technique is also descn'bed in EP 
649074. 

Summarv of the Invention 

"The present invention provides a system for man- 
aging a digital content, and nrrore particularly a system 
for managing the digital content to which a copyright is 
claimed and a system for supplying a public-key used 
for managing the digital content. 

In a digital content management system which is 
proposed in the present invention, illegitimate usage of 
the digital content claiming a copyright is watched by 
using a network or data broadcasting. A digital content 
management program is embeckJed as a miao kernel to 
an operating system of a user apparatus, so that a 
usage of the digital content claiming the copyright is 
managed by the digital content management program. 
The user apparatus is under the management of the 
digital content management program, wWch is linked to 
a usage watch program, and ttie usage watch program 
performs a process with higher interruption priority tt^an 
tiie digital content managemerrt program. The usage 
watch program watches the illegitimate usage of the 
digital content claiming tiie copyright, and when the dig- 
ital content is illegitimately utilized, a warning or a stop 
for tiie usage is given, or visible electronic watenmark is 
added to the digital content 

Further, invisible electronic watermark may be 
added in place of the visible electronic watermark to 
keep ti-ack of tiie usage status also when the digital con- 
tent is regulariy utilized. 

Furthermore, the present invention provides a sys- 
tem for distributing a public-key by means of a network 
or broadcasting. The puWic-k^ is put in a public-key 
disti-ftxition screen to be distributed. On tiie public-key 
distribution screen, image data is entered, wherein 
information on tiie owner of tiie public-key is added as 
an invisible electronic watermark. When the user 
presents the public-key distribution screen to a putrfic- 
key management center, the public-key management 
center checks the validity of the public-key owner by the 
invisible electronic watermark. 

In a case where the public-key is distn"buted by 
means of a networK the information on the public-key 
owner or the hformation on tiie user who requests the 
public-k^ is added as the invisible electronic water- 
nwk so that the validity of the public-key or the validity 
of the user can be checked by delecting the added invis- 
itiie electronfo watermark. In such a case, checking can 
be facilitated when an electronic fingerprint of the user's 
public-key is used as the inforn^on on the user. 

Brief Descritrtion of the Dravyinos 

Fig. 1 is a structural concept view showing an oper- 
ating system having a digital content management func- 
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tion used in the present invention. 

Rg. 2 is a structural view showing a digital content 
management system for watching an illegitinrate usage 
of the digital content according to the present invention. 

Rg. 3A and Rg. 3B illustrate a management state s 
by the di^ content nr^anagement system of the 
present invention. 

Rgs. 4A. 4B arxj 4C tllustrate another management 
state the digital content management system of the 
present irrvention. io 

Rg. 5 is a structural view showing another digital 
content management system for watching an illegiti- 
mate usage of the digital content according to the 
present invention. 

Rg. 6 IS a structural view showing a digital content is 
management system for distributing a public-key used 
for the nrianagement of the digital content according to 
the present invention. 

Rgs. 7A, 7B. 7C and 7D illustrate a metfxKl for dis- 
trOxiting a public-key by the digital content management 20 
system of Rg. 6. 

Rg. 8 is a structural view showing another digital 
content management system for distritxjting a public- 
key used for the management of the digital content 
according to the present invention. 25 

Rg. 9 is a structural view showing yet another dig- 
ital content management system for distributing a pul>- . 
lie-key used for the management of the digital content 
according to the present invention. 

Rgs. 10A. 108, 10C and 10D illustrate a method for so 
distributing the public-key by the digital content man- 
agement system of Rg 9. 

P^AILED DE3CPIPTIPN OF T H^ INVENTION 

35 

The description of the preferred embodiments 
according to the present Invention is given below refer- 
ring to the acconpanied drawings. 

In the protection of a digital content copyright, the 
greatest issue is how to prevent from illegitimate usage 40 
of the digital content on the user side apparatus. For this 
purpose, decryption/re-erx;ryption and restriction on 
usage are carried out by a digital content management 
program in a Method lor Controlling Database Copy- 
rights as desCTil>ed in EP 677949. 45 

However, since decryption/re-encryption of the dig- 
ital content to be protected the copyright is performed 
using an apparatus on the user side, it is virtually impos- 
sS)le to expect that processing of the decryption/re- 
encryption and the managenrient of a crypt key which is so 
used for the purpose will be complete. There is a possi- 
bility that the digital content will be illegitimately stored, 
copied, transferred and ec£ted by invalidating the digital 
content management program. 

In order to restrict such illegitimate usage, it is 55 
required that the digital content management program 
for decryption/re-encryption of the digital content and 
for managing the crypt key cannot be altered by the 



user. For this purpose, that the digital content manage- 
ment program is hardwarized, which is firmware, is the 
most secure method. 

For example, a dedicated scramble decoder is cur- 
rently used for descrambling scrambled broadcast pro- 
grams in analog television broadcast, and by using a 
similar configuration, a dec£cated digital content man- 
agement apparatus, so that decryption/re-encryption of 
the digital content and management of the crypt k^ are 
available only by the dedicated digital content manage- 
ment apparatus. 

Although such a configuration is reltat)le, the sys- 
tem structure is lacking in flexibility. When the apparatus 
on the us«r side is changed, or the digital content man- 
agement program is changed, it is very hard for the user 
to respond to such changes. 

In order to correspond with flexibiGty to a case 
where the apparatus on the user side changes, or a 
case where the digital contertt management program is 
changed, it is desirable for the digital content manage- 
ment program to t>e software. However, there is a possi- 
bility that the digital content nr^anagement program is 
altered as long as the digital content management pro- 
gram is an application program. 

For the digital content management program being 
software, the digital content management program is 
required to be embedded in a kernel that is a f ixed area 
of the operating system and cannot altered by the 
user. However, it is not practical for the digital content 
nianagement program to be embedded in the fixed area 
of a kernel, where the digital content management sys- 
tem and the cryptosystem are cfifferentiated between 
the databases. 

As desatoed at>ove, some FTTOS can perform inter- 
ruption in real time slice time which is one or two figures 
faster than the time slice of the system in another OS 
that includes kernel area. By using this technology, the 
usage status of the digital content which is claiming the 
copyright is watched vwthout affecting the overall oper- 
ation. And if an illegitimate usage is found, it is possible 
to give a warning or to forcibly stop the usage thereof. 

Next, a method for reinforcing a digital content man- 
agement program fcsy using a RTOS is descrbed. 

Since illegitimate usage of the digital content is car- 
ried out by unauthorized editing, unauthorized storing, 
unauthorized copying or unauthorized transferring of 
the decrypted digital content whether the illegitimate 
usage has been carried out or not can be detected by 
whether editing, storing, copying or transferring of the 
decrypted digital content is performed or not As a con- 
sequence, the process for watching the illegitimate 
usage interrupts a process which is being executed by 
the cfigital content management program, in a certain 
time interval, wtule interrupting by a preemptive type 
multi-task which fbrcil)ly can-ies out watching of the 
process. 

The multi-task time slice normally used is 10 milli- 
seconds, arxl the decryption/re-encryption process is 



5 



BNSDOCID: <EP__oe84e69iA2_L> 



9 



EP0 884 669 A2 



10 



carried out in this time unit. On the other hand, the fast- 
est real time slice is 100 microseconds, wrfiich is 1/100 
of the normal time unit. Consequently, the watching 
task, which has high interruption priority, can watch the 
digital content as to whether the decrypted digital con- 5 
tent is being edited, stored, copied or transferred, so 
that the usage status of the digital content for which the 
copyright is claimed can be watched witfiout affection- 
ing regular usage by the user, and when the legitimate 
usage is found, a warning can be given and usage t 
thereof can be forcitily slopped. 

The digital content management program with such 
a watching function Is embedded into a sub-system 
area which is operated in the user mode in place of the 
kernel of the OS, and the watching process is regarded u 
as a process with a high priority. By this configuration, 
the usage status of the digital content by decryption/re- 
encryption and also the illegitimate usage other than the 
permitted usage can be watched at the same time, and 
such watching can be executed smoothly. 2c 

Fig. 1 shows a structure of an operating system into 
which the digital content management program is 
embedded. This operating system conprises an execu- 
tive which works in a kemel mode which cannot be 
operated by the user, and a sub-system which works in 25 
a user mode which can be operated by the user. The 
executive and the sub-system are interfaced with a sys- 
tem servrce API (Application Programing Interface), and 
a HAL is interposed between the hardware and the ker- 

3C 

The sub-system comprises an environmental sub- 
system for performing emutetion of other operating sys- 
tem and graphics displaying, and a core sub-system 
such as a security sub-system, and an application pro- 
gram. ^ 

In the executive, a virtual memory manager which 
is the nucro-kernel, an object manager, an LPC (Local 
Procedure CalQ function, a process manager, a security 
reference monitor, and an lO manager which manages 
irput and output between kernel and disk, and networi^ 4o 
which is the most basic elements, and further ttie digital 
content management program which manages the dig- 
ital content claiming the copyright namely, a digital con- 
tent manager are embedded. To manage storing, 
copying or transferring the digital content, which is an 45 
important part of the digital content management, is 
carried out by the digital content manager managing the 
I/O manager. 

What is shown in Fig. 2 is an embodiment of the 
digital content management system to which the so 
present invention is applied. In this digital content man- 
agenient system, tfie usage status of the digital content 
by tfie user is watched via the netwrark. 

In Rg. 2. reference numeral 1 represents a data- 
base; 2 a cfigital content management center: and 4 a 55 
user. Between the user 4 and. the database 1 and ttie 
digital content management center 2 are connected by 
a networic 3 which is a communication fine or a bidirec- 



tional CATV line. 

The digital content is stored in the database 1 , and 
the enaypted digital content is transferred to tfie user 4 
via a path 5 shown by a broken line. The database 1 
transfers a aypt key for decryption and a crypt key for 
re-encryption, which are ttie crypt keys for decryp- 
tion/re-encryption of the digital content to ttie digital 
content management center 2 via a path 6. The digital 
content management center 2 encrypts the crypt key for 
decryption and tfie crypt key for re-encryption which 
have been transferred, and dfetributes tiiem to the user 
4 via a patii 7 shown by a broken line. The digital con- 
tent management center 2 furttier transmits a watch 
program to tt)e user 4 via a path 8 shown by a solid line. 

The usage permission details are managed by the 
digital content management program, which is embed- 
ded to an apparatus used by tiie user 4. However, it is 
impossible to completely deny the possiWIity ttiat ttie 
digital content coukJ be utilized by an ill-willed user out- 
side the range which is managed by ttie digital content 
management program. The digital content management 
program manages the input and output of tiie user 
apparatus 4. The input and output from ttie memory, 
namely storing, copying, and transfen^ing ttie digital 
content by tfie user, are all managed by ttie digital con- 
tent management program, and when ttie digital content 
IS stwed, copied, or transferred, it is re-encrypted. Even 
if an ill-will user makes periorming ttie above-mentioned 
management inpossiWe. ttie fact that ttie digital content 
IS stored, copied or transfen-ed is detected by the watch 
program which interacts ttie digital content manage- 
ment program. 

The watch program performs ttie watching work by 
liking witti ttie digital content management program 
embedded in the user apparatus 4. and by inten-upting 
a process of ttie digital content management program; 
and watches whettier or not ttie user utilizes ttie digital 
content beyond ttie usage permission. If ttie unauttior- 
ized storing, copying or transferring usage is detected, 
ttie watch program, instead of displaying a warning 
desaibed in EP 677949, stops to pertbrm decryptfon. 
forcibly re-encrypts ttie cfigital content witti a crypt key 
which is not known to ttie user or adds ttie visible elec- 
tronic watermark to ttie original digital content of Rg. 3A 
as shown in Rg. 3B. or adds ttie invisible electronk; 
watermark to ttie digital content as shown in Fig. 4B. 

Here, ttie usage permission refers to sinple usage, 
storing into an inside storing device, copying to an out- 
side medium, or tiwsferring to ottier users via a net- 
work, of ttie digital content 

Incidentafly, for a visible electronic watermark to be 
added, it is preferable to use somettiing tiiat can be eas- 
ily identified such as a user name. 

When ttie digital content management program 
embedded to tfie user apparatus is working, the watch 
program cooperatea In ottier words, it Is a configuration 
ttiat ttie digital content management program does not 
work unless ttie watch program worths cooperatively 
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with the digital content management program. 

For the aforementioned purpose, what the watch 
program does is to set a condition for working the digital 
content management program, via a network. Other- 
wise, when the digital content management program 5 
works, the watch program is automatically operated via 
the network. 

In a case where the digital content which have been 
transferred to the user via the network is used, the 
watch program is entered into the digital corrtent to be io 
transfened and thus, the watch program is also trans- 
ferred together with the digital content when transfen-ed. 

Further, the watch program may be integrated with 
the digital content management program so that a 
watch command is sent which makes the digital content is 
management program to perform the watch work, 
thereby allowing the digital content management pro- 
gram to watch the digital content. 

In the digital content management system, which is 
executed via the networK when digital content having a so 
large amount of information such as picture data is han- 
dled, an ISDN (Integrated System for Digital Network) 
line is used in many cases as a communication line 

As the ISDN line, there are generally used two data 
channels having a data transmission speed of 64 Kl>ps 25 
(kilo bits per second) referred to as B channels, and a 
control channel having a data transmission speed of 16 
Kbps referred to as D channel. Naturally, the digital con- 
tent Is transmitted through one or two data channels, 
while the D channel is not used in many cases. 30 

Thus, if the D channel is used for the intenruption 
watching by the watch program, it would be possit^e to 
watch the usage status by remote control without affect- 
ing the usage of the digital content at all. 

Furthermore, in case of using a public line, irrterrup- 35 
tion watching can be efficiently carried out by using 
ADSL (Asymmetric Digital Subscriber Line) technology, 
which is capable of realizing a maxinum transmission 
speed of 56Kbps for downloading. 

Figs. 4A-4C show an example in which an elec- 40 
tronic watermark Is added even when regular storing, 
copying or transferring of the digital content, within the 
usage permission detaSs. The electronic watermark in 
this case is an invisiWe electronic watermark which is 
detected as shown in Rg. 4B by the electronic water- 45 
mark detection means. If the electronic watermark 
detection means is not used, the digital content can be 
seen at a glance to be the same as the original digital 
content as shown in Rg. 4A. 

Incidentally, for an invisible electronic watennriark to so 
be added, similar to the case of the visible electronic 
watermaric. it is appropriate which can be easily identi- 
fied, such as a user name or the like. 

By doing sa the route of storing, copying, and 
transferring can be ascertained in the case where the ss 
digital content is illegitimately utilized, even if the cfigrtal 
content has been normally utilized in the beginning. 
Further, even in case of normal usage, the repeats of 



storing, copying and transferring makes the invisible 
electronic vratermark increase, as shown in Rg. 4C. 
with the result that deteric^-ates the quality of the digital 
content As a consequence, endlessly storing, copying 
and transferring may be impossible and managing the 
digital content can be fadEtated. 

For the digrtal content which is not deteriorated in 
quality after repeatedly storing, copying and transfer- 
ring, also therefore, deteriorating the digital content in 
the atxyve manner allows to restrain the illegitimate 
usage without actively managing copyrights, similarly a 
case where analog content is deteriorated by repeat- 
edly storing, copying and transfenlng. 

Adding visWe electronic watermark or noise may 
be used for restraining the illegitimate usage, as means 
for deteriorating the quality of the digital content other 
than the invisible electronic watermark. 

"Re-encryption." which is an important element for 
the digital content management is a process being a 
considerably heavy burden to the user apparatus. As a 
consequence, singly adding the electronic watenmark 
is effective for preventing lllegitinDate usage of the cfigrtal 
content as a simplified nwnner. 

In a case where the digital content is used in pay 
basis, as described in EP 677959, if a user obtains a 
use permit key in advance, charging a fee can be easily 
carried out. In a case where a digrtal content manage- 
ment center collects metering data which is a usage 
result later by polling and charges tiie fee. the metering 
data is placed under the management of the user until 
the polling is carried out As a consequence, the meter- 
ing data may be falsified by an ill-will user and then, 
tfiere is a possil>ilrty that normal charging is not carried 
out. 

In the digrtal content management system of the 
present entxxJiment, the user apparatus is always con- 
nected to the digital content management center while 
the user is utilizing the digital content, and the usage 
status is watched by tiie watch program. If tiie metering 
data is stored at the digital content management center, 
in the watching wort^ there is no need for polling, arxl 
therefore, falsification of the metering data by the user 
can be prevented. 

Furthernrx>re, even in a case where the digital con- 
tent is used free of charge, the usage status by the user 
can t>e easily grasped. 

Rg. 5 shows a structural view of ar>other embodi- 
ment of the digital content management system to 
which the present invention is applied. In this cGgital 
content n^agement system, the usage status of the 
digrtal content is watched by broadcasting. 

In Rg. 5. reference numeral 11 represents a data- 
base, 12a digital cornent management center, and 1 4 a 
user. Between the user 1 4 and. the database 1 1 and the 
digital content management center 12 are connected 
with the network 13 such as a put)lic line or a bidirec- 
tional CATV line. 

In the database 1 1 . the digital corrtertt is stored. The 
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encrypted digital content Is transferred to the user 14 via 
a path 15 shown as a broken line. The digital content 
management center 12 encrypts a crypt key for decryp- 
tion and a crypt key for re-encryption which are crypt 
keys for performing decryption/i-e-encryption of the 5 
encrypted digital content, and distributes them to the 
useri 4 via a path 1 7 shown by the broken line. The dig- 
ital content management center 12 further transfers a 
watch command to a broadcasting station 19, and the 
broadcasting station 1 9 transmits the transferred watch 10 
command to the user 14 through a path 18 shown by a 
solid line. 

A broadcasting wave Is most generally used for the 
path 18. but a CATV cable as a cable broadcasting may 
also be used. In a case where broadcasting via Internet is 
IS carried out it is possible to use the network as well. 

The watch command Inteirupts a process executed 
by the digital content management program which is 
embedded to an apparatus used by the user 14. and 
makes the digital content management program watch 20 
whether or not the user utilizes the digital content 
b^nd the usage permission. And then, if the unau- 
thorized storing, copying or transferring usage is found, 
the digital content management program stops the 
decryption process, or adds the visible electronic water- 25 
mark of Rg. 3B or adds the invisible electronic water- 
mark of Fig. 4B to the digital content 

When the digital content management program 
embedded to the user apparatus is working, the watch 
command is caring out interruption. In other words, it is a? 
constituted that the digital content management pro- 
gram does not work unless the broadcast wave in which 
the watch command is broadcast is received. 

For the aforementioned purpose, the fact that the 
watch command is received via the broadcast wave is 35 
set as a condition for making work the digital content 
management program. Othenwse. when the digital con- 
tent management program is worked, the watch com- 
mand is automatically received via broadcast wave. 

In a case where the digital content which have been 40 
transferred to the user by data broadcasting or the like 
IS used, the watoh command is entered into the digital 
content to be transferred and thus, ttie watch command 
IS also transferred together with the digital content 

The digital content management program manages 45 
the input and output in the user apparatos 1 4. The irput 
and output from ttie memory by the user, namely. Cor- 
ing, copying and transferring the digital content are all 
managed by the digital content management program, 
and when the digital content is stored, copied or trans- so 
ferred. it is re-encrypted. Even in a case where the man- 
agement oarmot be earned out due to an ill-will user, the 
tact that the digital content is stored, copied or trans- 
fen-ed is detected by the watch program which intemipts 
the digital content management program. 55 

If the watch program detects illegitimate usage, ft 
adds the visible electronic watennark shown in Fig. 3B 
instead of displaying a warring desaibed in EP 677949. 



It may also be possible to add invisible electronic water- 
mark which is detected only by tiie electronic watermari< 
detection means, as shown in Figs. 48 and 4C when 
normal usage of storing, copying or transferring within 
the usage permission. 

ITie aforementioned watching work through broad- 
casting or a network Is earned out not by the user 
according to the user's own will, but by tfie digital con- 
tent management program automatically when the dig- 
ftal content claiming the copyright is utilized. 

In order to ensure the above operation further, it is 
constituted that decryption/i^e-encryption by the digftal 
content management program are not earned out 
unless watahing work through broadcasting or a net- 
work is carried out. 

Furthermore, when the digital content claiming ttie 
copyright is utilized, ttie broadcast wave for broadcast- 
ing tile watch program is received or ttie user apparatus 
IS automatically connected to ttie management center 
whkjh tiBnsmits tfie watch program via a networie 

Next, an embocfiment for distributing a public-key is 
described. 

The size of a crypt key used in the secret-key cryp- 
tosystem. which is also refen-ed to as a common key 
system, is about 100 bits at tfie largest, whereas ttie 
size of tfie crypt key which is used in ttie public-key 
cryptosystem exceeds 1000 bits in tiie case of a laipe 
one. The piWic-key cryptosystem has high security, and 
on ttie other hand, performing ttie encryption and 
decryption is rattier conplex, and ttierefore. it is used for 
encyption of data of conperatively small amount when 
sencfing of a secret-key. digftal signature, auttientication 
and tfie like. Encrypting ttie digftal content is performed 
by using ttie secret-key. 

In tiie public-key ayptosystem. a public-key and a 
private-key are used in combination witti each ottier. 
The private-key is under ttie management of the owner 
of ttie key, so ttiat ottier persons cannot know the pri- 
vate-key. whereas ttie public-key is required to be 
known by otfier persons for usage purposes. 

As a consequence, ttie publfc-key is distributed to 
ttie public by varfous means. At tfiat time, if ttie public- 
key can be received directty from ttie owner, ttiere is Ift- 
tie possibilfty ttiat a false public-key will be received, or 
ottieiwise. a false public-key may be distrftxrted. 

A cfigftal content management system, a so-called 
key distiibution networic is here proposed, which allows 
to check easily whettier ttie distributed public-key is cor- 
rect or not. where the public-key is distributed by indirect 
distrbution means such as through broadcast or a net- 
work. 

Fig. 6 shows an embodiment of the digital content 
management system of ttie present invention in which 
ttie public-key is distributed by broadcasting. 

Since ttie public-key is generally distributed widely, 
ttiis digital content management system can be used as 
a simplified auttientication mettxxJ ttiat takes place of 
PEM (Privacy Enhanced Mail) mettiod which is adopted 
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in the public-key authentication method used as a put>- 
lic-key authentication system such as in the electronic 
commerce. 

In Rg. 6, reference numeral 21 represents an 
owner of a public-key, 22 a public-key nnanagement s 
center. 23 a broadcast station. 24 a network, and 25 a 

user. 

The broadcast station 23 is a broadca^ station of 
television of terrestrial analog, satellite analog, CATV 
analog, terestrial digital, satellite digital. CATV digital io 
and the like, or of sound. Data broadcast is carried out 
by appropriate means such as VBI (Vertical Blanking 
Interval), audio multiplexed, data insertion. A station for 
Intemet tffoadcast may be used as this broadcast sta- 
tion. 15 

The network 24 is a public line or a bidirectional 
CATV line. The public-key management center 22 and 
the user 25 are connected with the network 24. The 
broadcast station 23 and the user 25 are connected with 
an appropriate infornration transmission medium. so 

In the digital content management system as at>cv6 
anrangement the public-key owner 21 transfers some 
data for identification of the public-key owner which cer- 
tifies identrty of the owner of the putDlic-key and the pub- 
lic-key, to the public-key management center 22 via the 25 
path 26. 

As the data for identification of the public-key 
owner, information such as the name of the the public- 
key owner is directly used in this case. However, an 
electronic fingerprinting which the information is 30 
reduced to 16-byte data with MD5 hash algorithm, may 
be used. 

The public-key management center prepares a 
pufc>lic-key distribution saeen as shown in Rg. 7A and 
the public-key is put in a predetermined position. This 35 
screen is prepared by using HTML (Hyper Text Markup 
Language) or XML (extensible Markip Language) so 
that the public- key can be easily separated and used. 
Image data is entered to a part thereof. 

In this image data, the data for identification 4o 
(owner's ID) of the put>lic-key owner 21 is added as the 
invisible electronic watermark. The algorithm for this 
invisible watermark and the added position are known 
only to the putdtc-key management center. Then, the 
public-key management center can know the descrp- 45 
tion of the electronic watermark as shown in Fig. 78, 
however, a normal screen as shown in Rg. 7A is pro- 
vided when viewed and cannot be known the descr^ 
tion of the electronic watermark to other people. 

If the image saeen is used for an advertisement, so 
the cost required for the distribution of the public-key 
can be earned through the advertisement fees. Addi- 
tional infbrnnation such as urgent or notice information 
can be further inserted on another part thereof. Further- 
more, a time stamp may be added to can-y out manage- 55 
ment such as setting of a valid period. 

It is most appropriate to use a photograph as the 
image data. When the sound data can be used, it is also 



possil)le to add the electronic watermark to the sound 
data. 

The broadcast station 23 broadcasts the public-key 
distribution screen, which has been prepared in the 
aforementioned manner, via the broadcast path 28. 

Although the broadcast public-key distribution 
screen is received by the user 25. the electronic water- 
maric added to the image saeen of the ptWic-key distri- 
bution screen Is invisible, and thus, the user 25 cannot 
know the description of the electronic watermark. 

The user 25 separates the public-key from the 
broadcast public-key distribution screen to be used for 
various electronic commerce. However, when the 
authenticity of the puljlic-key is doutjted. the puWrc-key 
distribution saeen is transferred to the public-key man- 
agemwrt center 22 via the path 29 by the nelwori^ 24. 

The public-key management center 22 detects the 
tnvisble electronic watermark added to the image 
screen of the transferred public-key distrflDution saeen 
and notifies the kientification information of the public- 
key owner which is detected as shown in Rg. 78 to the 
user 25 through the path 30 by the network 24. 

8y so doing, when a different person pretends to be 
the owner of the public-key, the pretension can be 
detected. In this case, when an electronic fingerprint is 
used as identification information for the owner of the 
public-key. the detection can be remarkably facilitated. 

For the image screen, a favorite saeen shown in 
Rg. 7C. or a photograph of the public-key owner himself 
(herseH) can be put other than advertisement as shown 
in Rg. 7D. In such cases, fees for put in the saeen are 
collected and can be used for tiie broadcast costs. 

Inckientally. the invistole electronic watemiartc 
added in this embodiment can be detected only by the 
public-key management center. If watermark detection 
algorithm is installed In the digital content managment 
program shown in Rg. 1 or watermark detection pro- 
gram is embedded to the executive as an independent 
micro kernel, it is also possit3le for the user to confirm it 
only In such a case, an electronic fingerprint may be 
used as the kientificatk>n Information for the public-key 
owner, so that the user can confirm the electronic fin- 
gerprint of the public-key owner. 

Another embodiment of the present invention Is 
descrft)ed bekaw. In whkrfi a public-key Is distributed In 
accordance vrith the request by a user, referring to Rg. 
8. 

The digital content management system for distrit>- 
uting the public-key by broadcasting, which is desalbed 
refenir^g to Rg. 6. Is an effective system in a case where 
the public-key is distributed to an ind^nite large 
number of users used In electronic commerce or the 
like. On the contrary, in case of using for the personal 
mall transmission, ttie public-key is usually distrftxrted to 
a definite small nunrt>er of users, and thus, it is not 
required for tfie public-key to be distributed by broad- 
casting. In the digital content management system 
shown in Rg. 8. since the public-key Is dstributed Indi- 
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vidually via the networK the system can be used as a 
simplrf ied authentication method in place of PGP (Pretty 
Good Privacy), which is adopted in the public-key 
authentication method used for such as e-mail. 

In Rg. 8. reference numeral 31 represents a public- s 
key OMvner, 32 a public-key management center, 33 a 
network, and 34 a user. 

The network 33 is a public fine or a bitfirectional 
CATV line. Between the user 34. and the public-key 
owner 31 and the public-key management center 32 are io 
connected with the network 33. Between the public-key 
owner 31 and the public-key management center 32 are 
connected by an appropriate information transmission 
means. 

In the digital content management system as above is 
arrangement, the put>lic-key owner 31 transfers some 
data for kientif ication of the public-key owner which cer- 
tifies identity of the owner of the public-key and tiie pub- 
lic-key, to the public-key management center 32 via the 
path 35. 20 

The public-key management center 32 puts the 
public-key in a predetermined position of tiie public-key 
distribution screen as shown in Rg. 7A and further, 
adds the data for identification of tfie public-key owner in 
the image screen of the public-key distribution screen 25 
as an invisible electronic watermark to be sent back to 
the public-key owner 31 via the path 36. 

Since tine data for identifteation of the public-key 
owner and the public-key distrixjtion saeen used in the 
digital content management system of tfiis embodiment 3o 
are the same as in tiie case of the digital content man- 
agement system shown in Rg. 6, furttier explanation will 
be omitted. 

The user 34 who v«shes to obtain the public-key of 
the public-key owner 31 rec^ests distribution of tiie fib- 35 
lie-key to tiie putrfic-key owner 31 through the patii 37 
via the network 33. In response to the request, the pub- 
lic-key owner 31 transfers the public-key distribution 
screen to tiie user 34 through the patfi 38 via ttie net- 
work 33. 40 

The user 34 separates the public-key from the pub- 
lic-key distribution screen which has been transferred, 
encrypts the e-mail by using tiie separated public-key 
and transmit it to the public-key owner 31. The putrfic- 
key owner 31 decrypts the encrypted e-mail ty own pri- 45 
vate-key. 

When tiie user 34 doubts about the auttienticity of 
the transferred public-key. tiie public-key distribution 
screen, which has been transfend, is transfenred to the 
pii)lic-key management cerrt^ 32 by the patii 39. The so 
pii)lic-key management center 32 detects the invisible 
electiwic watermark added to tiie image screen of the 
transfen-ed public-key disbibution saeen, and notffies 
the result to the user 34 by the patii 40. 

By so doing, when a different person pretends to be 55 
the public-key owner 31, ttie pretension can be 
detected. 

In tiiis embodiment, the public-key distribution 



screen is distributed directty from the public- key owner 
3 1 to tiie user 34, but it is also possible to constitute that 
tiie public- key distribution screen is managed by the 
pii)lic-key management center 32 to be distributed. 

Furtiier embodiment of the present invention is 
described below referrir^ to Rgs. 9 and 10A-10D, 
wherein tiie pitlic-key is distributed in accordance witti 
a request by a user. A public-key for the electronic com- 
merce is used here. 

In the embodiments shown in Rg. 6 and shown in 
Rg. 8. tiie public-key owner is checked by using an elec- 
tronic watermarK but in tiie embodiment shown in Rgs. 
9 and 10A-10D, a user of tiie public-key is checked. 

In the digital content management system shown in 
Rg. 9, reference numeral 41 represents a public-key 
owner, 42 a puWic-k^ management center, 43 a net- 
worK and 44 a user. 

The network 43 is a public line or a bidirectional 
CATV line. Between tiie public-key owner 41 and tiie 
user 44. between tiie public-key owner 41 and tt)e pub- 
lic-key management center 42, and between ttie user 
44 and ttie public-key management center 42 are con- 
nected with the network 43 respectively. 

In tiie digital content management system as above 
an-angement. tiie public-key owner 41. first transfers 
tiie owned public-key to the putjiic-key management 
center 42 by ttie path 45. and ttie pii)lic-key manage- 
ment center 42 keeps ttie transferred public-key. 

The user 44. who wishes to place an order or ttie 
like in the electronic commerce to the public-key owner 
41. transfers some data as identifk:ation data for user 
which certifies tiie identity of tiie user 44 to tiie public- 
key management center 42 ttirough ttie patii 46 via ttie 
network 43. 

The public-key management center 42 puts ttie 
public-key in a predetermined position of ttie public-key 
distrbution screen as shown in Rg. 10A and furttier. 
adds tiie identification data for user 44, as shown in Rg. 
10B, in ttie image screen of ttie public-key distribution 
screen as an invisODle electronrc watermark to be trans- 
ferred to ttie user 44 ttirough ttie patti 47 via ttie network 
43. 

As ttie identification data for user used here, rt is 
possible to directty use information such as a user 
name, and also possible to use an eledrorric fingerprint 
which tiie information is reduced to IS^Dyte data witti 
MD5 hash algoritiim. 

The public-key disb-ftxition screen is prepared by 
using HTML or XML to easily separate ttie put public- 
key, and an image data is entered to a part ttiereof. In 
this image data, identification data of the user 44 (user^ 
ID) is added as an invisible electronic watenmark The 
algoritiim for tiie invisible electionic watermark and tiie 
added position are known only to ttie pufc)lic-key man- 
agement center. The puWic-tey management center 
can know tiie desaiption of tiie electronic watermark 
when detected as shown in Rg. 10B. however, a norma! 
screen as shown in Rg. 10A is provkJed when viewed 
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and cannot be known the description of the electronic 
watemnark to other people. 

If the Image saeen is used for an advertisement, 
the cosi required for the distrtoution of the public-key 
can be earned through the advertisement fees. Addi- 
tional information such as urgent or notice information 
can be furth^ inserted on another part thereof. Further- 
more, a time stamp may be added to carry out manage- 
ment such as setting of a valid period. 

It is most appropriate to use a photograph as the 
iniage data. When the sound data can be used, it is also 
possit>le to add the electronic watermark to the sound 
data. 

The user 44 separates the put)Iic-key from the 
transfwred public-key distribution saeen. encrypts an 
order form by using the separated public-key. and trans- 
mits it to the public-key owner 41 together with the 
transferred public-key distribution screen. 

The public-key owner 41 decrypts the enaypted 
order form by using own private-key and executes order 
acceptance. 

When the pul)lic-key owner 41 doubts about the 
authenticity of the person who places the order, the 
transferred pLiDlic-key distribution saeen is transferred 
to the put)lic-key management center 42 through the 
path 48 via the networi< 43. 

The public-key management center 42 detects the 
invisftjie electronic watermark which is added to the 
image screen of the transferred piijlic-key distribution 
saeen. and notifies the resuft to the public-key owner 
41 through the path 49. 

• By so doing, when a different person pretends to l>e 
the user 44, the pretension can be detected. 

For the image saeen, a favorite saeen shown in 
Fig. IOC or a photograph of the public-key owner hinv 
self (herself) as shown in Rg. 10D may be put. In such 
cases, fees for put in the screen are collected and can 
be used for distribution costs. 

Claims 

1 . Distal content management system for managing a 
digital content to which a copyright is claimed, oonh 
prising: 

a user apparatus with: 

a digital content management program embed- 
ded as a mtcro-kernel in an operating system 
thereof; and a usage watch program, whk^h is 
linked to said digital content managenr>ent pro- 
gram Bxxi transferred to said user apparatus by 
broadcast, 

wherein said usage watch program watches 
usage status of said digital content as a proc- 
ess having a higher interruption priority than 
said digital content management program. 

2. Digital content management system according to 



daim 1 wherein information about sakl user is 
^ed as a visible electronic watermark to said dig- 
ital content if illegitimate usage in said usage status 
of said digital content is detected. 

5 

3. Digital content management system according to 
daim 1 wherein information about said user is 
added as an invisfl^le electronic watermark to said 
dSgital content if illegitimate usage in said usage 

10 status of said digital content is detected. 

4. Digital content management system according to 
daim 1 wherein information about said user is 
added as an invisible watermark to said digital con- 

15 tent if storing, copying and/or transfer of said cfigital 
conterrt in said usage status is detected. 

5. Process for managing a digital content in a digital 
content nranagement system, with the steps of: 

20 

supplying a public-key from a public-key man- 
agement center to a user 

putting said public-key in a public-key distribu- 
25 tion saeen and distributing it by broadcast; 

entering image information into sakj public-key 
distribution screen; 

30 adding information about the owner of said 

put)lic-key to said image information as an 
invisble electronic watermark; 

separation of said put)lic-key from said puWic- 
35 key distributkxi saeen by said user for use; 

and 

checking the owner of said putjOc-key by said 
Invisbie electronic watermark by said public- 
40 key management center, when said public-key 

disbibution screen is presented by said user to 
sakl public-key management center. 

6. Process according to claim 5 wherein an electronic 
45 fingerprint of saki information for the owner of said 

put)lic-key is used as the infamation about said 
owner of said put)lic-key 

7. Process for managing a digital content manage- 
50 ment system in which a public-key is supplied from 

a public-key management center to a user, com- 
prising: 

request of the distribution of sakl put>lic-key 
55 from said put>iic-key management center by 

said user; 

putting said public-key in a pii)lic-key distritxi- 
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tion screen for transmittal to said user by said 
public-key management center; 

entering Image information into said put>lic-key 
distribution screen; 5 

adding information about the owner of said 
public-key as an invisible electronic watermark 
to said image information; 

10 

separating sakJ public-key from said public-key 
distritmtion screen for use by said user; and 

checking the owner of sakJ public-key by said 
public-key management center by said invisible rs 
electronic watermarK when said user presents 
said public-key distnlxjtion screen to said pub- 
lic-key nr\anagement center. 



fingerprint of the infonrotion about said user is 
used as said information about said user. 



5. Process according to claim 7. conprising the use of 20 
an electronic fingerprint of the information about 
sakl owner of said public-key as said infonnation 
about said owner of said public-key. 

I Process for managing a digital content in a digital 25 
content management system, in which a public-key 
ts supplied from a public-key management center to 
a user with the steps: 



presenting information about himself and 30 
requesting the distribution of sakJ public-key to 
said public-key nrranagement center by said 
user; 



putting said public-key in a public-key distribu- 35 
tion screen to be transmitted to sakl user by 
said public-key management center; 

entering image information into said pubic-key 
distribution screen; 

adding information about sakl user as an invis- 
ible electronic watermark to sakl image infor- 
mation; 

45 

separating said public-key from said public-key 
distribution screen and transfemng of said pub- 
lic-key distribution screen to the owner of sakl 
public-key together with digital content 
encrypted by sakl public-key by said user; and so 

checking said user by said public-key manage- 
ment center by said invisible electronic water- 
mark, when said owner of said public-key 
presents said public-key distribution screen to 55 
sakl public-key management center. 

Process according to daim 9 wherein an electronic 
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